diff --git a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java index 381c510894..fbd13eea17 100644 --- a/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java +++ b/src/main/java/org/opensearch/security/ssl/SslSettingsManager.java @@ -23,6 +23,7 @@ import org.apache.logging.log4j.Logger; import org.opensearch.OpenSearchException; +import org.opensearch.common.Booleans; import org.opensearch.common.settings.Settings; import org.opensearch.env.Environment; import org.opensearch.security.ssl.config.CertType; @@ -373,11 +374,24 @@ void openSslWarnings(final Settings settings) { } LOGGER.debug("OpenSSL available ciphers {}", OpenSsl.availableOpenSslCipherSuites()); - } else { - LOGGER.warn( - "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of {}", - OpenSsl.unavailabilityCause() - ); + } else { + boolean openSslIsEnabled = false; + + if (settings.hasValue(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE) == true) { + openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE)); + } + + if (settings.hasValue(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE) == true) { + openSslIsEnabled |= Booleans.parseBoolean(settings.get(SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE)); + } + + if (openSslIsEnabled == true) { + /* only print warning if OpenSsl is enabled explicitly but not available */ + LOGGER.warn( + "OpenSSL not available (this is not an error, we simply fallback to built-in JDK SSL) because of ", + OpenSsl.unavailabilityCause() + ); + } } }